One of the major goals of this book is to help clarify how Windows security works so you'll be able to use it effectively in your applications and also in your everyday life. But even if you have a perfect understanding of all the security features of the platform, and make all the right API calls and configure security policy very carefully to keep out attackers, if you don't write your code with security in mind, none of that will matter because you'll still be vulnerable to attack.

Look at the following C# method and count the number of security APIs that it uses.

 // this code has a really nasty security flaw void LogUserName(SqlConnection conn, string userName) { string sqlText = "insert user_names values('" ...